terraform-yc-modules/terraform-yc-security-group

Security Groups Terraform module for Yandex.Cloud

Features

  • Create Security Group and rules in your VPC
  • Output Security Group ID for referencing

Use ingress_rules_with_cidrs to add rules with IP address ranges.

Use ingress_rules_with_sg_ids to add rules with other SGs as a traffic source.

Use self to add the "self_security_group" rule for communication within an SG.

How to configure Terraform for Yandex.Cloud

  • Install YC CLI
  • Add environment variables for Terraform authentication in Yandex Cloud:

    export YC_TOKEN=$(yc iam create-token)
    export YC_CLOUD_ID=$(yc config get cloud-id)
    export YC_FOLDER_ID=$(yc config get folder-id)

Requirements

Name | Version
terraform | >= 1.0.0
yandex | > 0.8

Providers

Name | Version
yandex | 0.90.0

Modules

No modules.

Resources

Name | Type
yandex_vpc_security_group.this | resource
yandex_vpc_security_group_rule.egress_rules | resource
yandex_vpc_security_group_rule.ingress_nlb_hc_rule | resource
yandex_vpc_security_group_rule.ingress_rules_with_cidrs | resource
yandex_vpc_security_group_rule.ingress_rules_with_sg_ids | resource
yandex_vpc_security_group_rule.ingress_self_rule | resource
yandex_client_config.client | data source

Inputs

Name | Description | Type | Default | Required
egress_rules | Security group egress rules with CIDRs. | any | n/a | yes
  Example:
  egress_rules = [
    {
      protocol       = "ANY"
      description    = "To the internet"
      v4_cidr_blocks = ["0.0.0.0/0"]
    },
  ]
folder_id | Folder ID where the resources will be created | string | null | no
ingress_rules_with_cidrs | Security group rules with CIDRs as a source. | any | n/a | yes
  Example:
  ingress_rules_with_cidrs = [
    {
      description    = "ssh"
      port           = 22
      protocol       = "ANY"
      v4_cidr_blocks = ["0.0.0.0/0"]
    },
    {
      description    = "ICMP"
      v4_cidr_blocks = ["0.0.0.0/0"]
      from_port      = 0
      to_port        = 65535
    },
  ]
ingress_rules_with_sg_ids | Security group rules with other SG-id as a source. | any | n/a | yes
  Example:
  ingress_rules_with_sg_ids = [
    {
      protocol          = "ANY"
      description       = "Communication with web SG"
      security_group_id = "xxx222xxx"
    },
  ]
labels | Set of key/value label pairs to assign. | map(string) | null | no
name | Security group name | string | n/a | yes
network_id | Existing network where resources will be created | string | null | no
nlb_hc | Allow to communicate with NLB health check servers | bool | false | no
self | Allow to communicate inside security group | bool | true | no
self_from_port | Allow to communicate within security group with port from | number | null | no
self_port | Allow to communicate within security group with port | number | null | no
self_protocol | Allow to communicate within security group with protocol | string | "ANY" | no
self_to_port | Allow to communicate within security group with port to | number | null | no

Outputs

Name | Description
id | Security group ID
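
A complete module call using the inputs and the id output listed above, added here as an example and not taken from the module's README. It keeps the README's rule keys but narrows the sources: SSH over TCP from a single admin range instead of protocol "ANY" from 0.0.0.0/0, and application traffic admitted by source security group. The module source address, the variable names, the CIDRs, the port 5432 and the use of "TCP" as a protocol value passed through to the provider are assumptions.

```hcl
variable "network_id" { type = string } # existing VPC network ID (placeholder input)
variable "web_sg_id" { type = string }  # ID of an existing "web" security group (placeholder input)

module "db_sg" {
  # Assumed source address, built from the repository name shown on this page.
  source = "github.com/terraform-yc-modules/terraform-yc-security-group"

  name       = "db-sg"
  network_id = var.network_id

  # README sample: port 22, protocol "ANY", source 0.0.0.0/0.
  # Here: TCP only, from one admin range (203.0.113.0/24 is a documentation range).
  ingress_rules_with_cidrs = [
    {
      description    = "ssh from admin range"
      port           = 22
      protocol       = "TCP"
      v4_cidr_blocks = ["203.0.113.0/24"]
    },
  ]

  # Application traffic is admitted by source security group instead of by IP range.
  ingress_rules_with_sg_ids = [
    {
      protocol          = "TCP"
      description       = "Traffic from web SG"
      security_group_id = var.web_sg_id
    },
  ]

  # Egress limited to an internal range (constructed value) instead of 0.0.0.0/0.
  egress_rules = [
    {
      protocol       = "TCP"
      description    = "To internal services"
      v4_cidr_blocks = ["10.0.0.0/16"]
    },
  ]

  self          = true  # members of this group may talk to each other ...
  self_protocol = "TCP" # ... over TCP
  self_port     = 5432  # ... on one port only (constructed value)
}

output "db_sg_id" {
  value = module.db_sg.id # the module's "id" output
}
```

Running terraform plan before apply shows the yandex_vpc_security_group_rule resources this call would create, so the resulting rule set can be reviewed first.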
